From 2b552aae5024d4ac97b9bee50b4625edc5943897 Mon Sep 17 00:00:00 2001
From: "svoj@mysql.com/june.mysql.com" <>
Date: Thu, 20 Mar 2008 19:07:17 +0400
Subject: [PATCH 1/2] BUG#34788 - malformed federated connection url is not handled correctly - crashes server !

Creating federated table with connect string containing empty (zero-length) host name and port is evaluated as 0 (port is incorrect, omitted or 0) crashes server. This happens because federated calls strcmp() with NULL pointer. Fixed by avoiding strcmp() call if hostname is set to NULL.
---
 mysql-test/r/federated.result | 2 ++
 mysql-test/t/federated.test | 7 +++++++
 sql/ha_federated.cc | 9 ++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/mysql-test/r/federated.result b/mysql-test/r/federated.result
index 3a934e7fe3c..685e4d0c335 100644
--- a/mysql-test/r/federated.result
+++ b/mysql-test/r/federated.result
@@ -2069,6 +2069,8 @@ a b
 1 1
 DROP TABLE t1;
 DROP TABLE t1;
+CREATE TABLE t1 (a INT) ENGINE=federated CONNECTION='mysql://@:://';
+DROP TABLE t1;
 DROP TABLE IF EXISTS federated.t1;
 DROP DATABASE IF EXISTS federated;
 DROP TABLE IF EXISTS federated.t1;
diff --git a/mysql-test/t/federated.test b/mysql-test/t/federated.test
index 934db5cd68b..f33dfa3a1b8 100644
--- a/mysql-test/t/federated.test
+++ b/mysql-test/t/federated.test
@@ -1738,4 +1738,11 @@ DROP TABLE t1;
 connection slave;
 DROP TABLE t1;
+#
+# BUG#34788 - malformed federated connection url is not handled correctly -
+# crashes server !
+#
+CREATE TABLE t1 (a INT) ENGINE=federated CONNECTION='mysql://@:://';
+DROP TABLE t1;
+
 source include/federated_cleanup.inc;
diff --git a/sql/ha_federated.cc b/sql/ha_federated.cc
index c0743bd6c9a..a5e4714c53a 100644
--- a/sql/ha_federated.cc
+++ b/sql/ha_federated.cc
@@ -643,12 +643,19 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table,
 if ((strchr(share->table_name, '/')))
 goto error;
+ /*
+ If hostname is omitted, we set it to NULL. According to
+ mysql_real_connect() manual:
+ The value of host may be either a hostname or an IP address.
+ If host is NULL or the string "localhost", a connection to the
+ local host is assumed.
+ */
 if (share->hostname[0] == '\0')
 share->hostname= NULL;
 if (!share->port)
 {
- if (strcmp(share->hostname, my_localhost) == 0)
+ if (!share->hostname || strcmp(share->hostname, my_localhost) == 0)
 share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0));
 else
 share->port= MYSQL_PORT;
From f064cd84d59c0f9de3dc8842c28227c6a4d75a00 Mon Sep 17 00:00:00 2001
From: "svoj@mysql.com/june.mysql.com" <>
Date: Tue, 25 Mar 2008 12:47:57 +0400
Subject: [PATCH 2/2] BUG#35509 - Federated leaks memory when connecting to localhost/default port

When creating federated table that points to unspecified host or localhost on unspecified port or port is 0, small memory leak occurs. This happens because we make a copy of unix socket path, which is never freed. With this fix we do not make a copy of unix socket path, instead share->socket points to MYSQL_UNIX_ADDR constant directly. This fix is covered by a test case for BUG34788. Affects 5.0 only.
---
 mysql-test/t/federated.test | 5 +++++
 sql/ha_federated.cc | 3 +--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/mysql-test/t/federated.test b/mysql-test/t/federated.test
index f33dfa3a1b8..9e7548a21ed 100644
--- a/mysql-test/t/federated.test
+++ b/mysql-test/t/federated.test
@@ -1742,6 +1742,11 @@ DROP TABLE t1;
 # BUG#34788 - malformed federated connection url is not handled correctly -
 # crashes server !
 #
+# also tests
+#
+# BUG#35509 - Federated leaks memory when connecting to localhost/default
+# port
+#
 CREATE TABLE t1 (a INT) ENGINE=federated CONNECTION='mysql://@:://';
 DROP TABLE t1;
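Review bot: The new `!share->hostname ||` guard in parse_url (sql/ha_federated.cc, patch 1/2) covers only this one strcmp(), while the context lines just above it still leave `share->hostname` set to NULL for every later user of the share. Any other string function or `%s` format that reads `share->hostname` outside this hunk may meet the same NULL that crashed here, and the value comes from a user-supplied CONNECTION string, so those readers should be audited before this fix is relied on. The added comment should also state the invariant, e.g. `hostname may be NULL from here on; check it before any str*() call`. The regression test only runs CREATE TABLE and DROP TABLE on `mysql://@:://`, so it pins that a malformed URL is accepted as a local connection; whether an empty host should instead take the existing `goto error` path is worth deciding explicitly. parse_url starts and ends outside the hunk.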
diff --git a/sql/ha_federated.cc b/sql/ha_federated.cc
index a5e4714c53a..d414dc34f02 100644
--- a/sql/ha_federated.cc
+++ b/sql/ha_federated.cc
@@ -656,7 +656,7 @@ static int parse_url(FEDERATED_SHARE *share, TABLE *table,
 if (!share->port)
 {
 if (!share->hostname || strcmp(share->hostname, my_localhost) == 0)
- share->socket= my_strdup(MYSQL_UNIX_ADDR, MYF(0));
+ share->socket= (char*) MYSQL_UNIX_ADDR;
 else
 share->port= MYSQL_PORT;
 }
@@ -1342,7 +1342,6 @@ static int free_share(FEDERATED_SHARE *share)
 {
 hash_delete(&federated_open_tables, (byte*) share);
 my_free((gptr) share->scheme, MYF(MY_ALLOW_ZERO_PTR));
- my_free((gptr) share->socket, MYF(MY_ALLOW_ZERO_PTR));
 thr_lock_delete(&share->lock);
 VOID(pthread_mutex_destroy(&share->mutex));
 my_free((gptr) share, MYF(0));
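Review bot: The `(char*)` cast on `MYSQL_UNIX_ADDR` in parse_url hides an ownership change: `share->socket` used to hold a my_strdup() copy and now aliases a constant that must never be freed or written through. The matching removal of `my_free((gptr) share->socket, ...)` in the free_share hunk (@@ -1342) is only safe if no other path stores heap memory in `share->socket` (which would now leak) and no other path frees it (which would now free a constant); neither can be checked from these hunks. If the member declaration (outside this diff) can become `const char *socket`, the assignment becomes `share->socket= MYSQL_UNIX_ADDR;` without the cast and the compiler rejects a stray free or write. Otherwise put `/* not owned: points at MYSQL_UNIX_ADDR, never free */` next to the assignment. Both functions continue outside the hunks.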